aloux-iam 0.0.5 → 0.0.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/auth.js +91 -0
- package/lib/swagger.yaml +69 -1
- package/package.json +1 -1
package/lib/auth.js
ADDED
|
@@ -0,0 +1,91 @@
|
|
|
1
|
+
const jwt = require('jsonwebtoken')
|
|
2
|
+
const User = require('./models/User')
|
|
3
|
+
const Permission = require('./models/Permission')
|
|
4
|
+
|
|
5
|
+
const getAccess = (user, resource) => {
|
|
6
|
+
for(let i in user._functions){
|
|
7
|
+
for(let j in user._functions[i]._permissions){
|
|
8
|
+
if(user._functions[i]._permissions[j].status === 'Activo'){
|
|
9
|
+
const permissionBack = user._functions[i]._permissions[j].method + ' ' + user._functions[i]._permissions[j].endpoint
|
|
10
|
+
if(permissionBack === resource.method + ' ' + resource.endpoint){
|
|
11
|
+
return true
|
|
12
|
+
}
|
|
13
|
+
}
|
|
14
|
+
}
|
|
15
|
+
}
|
|
16
|
+
return false
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
const auth = async(req, res, next) => {
|
|
20
|
+
|
|
21
|
+
try {
|
|
22
|
+
|
|
23
|
+
let token = req.cookies.token || req.header('Authorization')
|
|
24
|
+
|
|
25
|
+
if (!token) {
|
|
26
|
+
throw {
|
|
27
|
+
code: 401,
|
|
28
|
+
title: 'Error de autenticación',
|
|
29
|
+
detail: 'Endpoint requiere token',
|
|
30
|
+
suggestion: 'Vuelve a iniciar sesion',
|
|
31
|
+
error: new Error()
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
token = token.replace('Bearer ', '')
|
|
36
|
+
|
|
37
|
+
const data = jwt.verify(token, process.env.AUTH_SECRET)
|
|
38
|
+
const user = await User.findOne({ _id: data._id, 'tokens.token': token, status: 'Activo' }, {"tokens":0,pwd:0}).populate({ path: "_functions", populate: [{ path: "_permissions"}] }).lean()
|
|
39
|
+
|
|
40
|
+
if (!user) {
|
|
41
|
+
throw {
|
|
42
|
+
code: 401,
|
|
43
|
+
title: 'Error de autenticación',
|
|
44
|
+
detail: 'No se encontró el usuario',
|
|
45
|
+
suggestion: 'Vuelve a iniciar sesion',
|
|
46
|
+
error: new Error()
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
|
|
50
|
+
const resource = await Permission.findOne({ method: req.originalMethod, endpoint: req.route.path }).lean()
|
|
51
|
+
if(!resource){
|
|
52
|
+
throw {
|
|
53
|
+
code: 403,
|
|
54
|
+
title: 'Error de recurso',
|
|
55
|
+
detail: 'No se encontro dado de alta el privilegio del endpoint: [' + req.route.path + ']',
|
|
56
|
+
suggestion: 'Contacta con el administrador',
|
|
57
|
+
error: new Error()
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
|
|
61
|
+
if(!resource.default){
|
|
62
|
+
const access = getAccess(user, resource)
|
|
63
|
+
if (!access) {
|
|
64
|
+
throw {
|
|
65
|
+
code: 403,
|
|
66
|
+
title: 'Error de permisos',
|
|
67
|
+
detail: 'No cuentas con permisos para el recurso [' + resource.api +'] que: ' + (resource ? resource.description : 'Recurso indefinido' ),
|
|
68
|
+
suggestion: 'Contacta con el administrador',
|
|
69
|
+
error: new Error()
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
|
|
74
|
+
req.user = user
|
|
75
|
+
req.token = token
|
|
76
|
+
next()
|
|
77
|
+
} catch (error) {
|
|
78
|
+
let obj = error
|
|
79
|
+
if(!error.code){
|
|
80
|
+
obj = {
|
|
81
|
+
code: 401,
|
|
82
|
+
title: 'Error de autenticación',
|
|
83
|
+
detail: error.message,
|
|
84
|
+
suggestion: 'Vuelve a iniciar sesion'
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
res.status(obj.code).send(obj)
|
|
88
|
+
}
|
|
89
|
+
}
|
|
90
|
+
|
|
91
|
+
module.exports = auth
|
package/lib/swagger.yaml
CHANGED
|
@@ -71,7 +71,7 @@ paths:
|
|
|
71
71
|
type: object
|
|
72
72
|
items:
|
|
73
73
|
type: string
|
|
74
|
-
/iam/
|
|
74
|
+
/iam/auth/verify/mail:
|
|
75
75
|
post:
|
|
76
76
|
tags:
|
|
77
77
|
- users - self
|
|
@@ -145,6 +145,74 @@ paths:
|
|
|
145
145
|
type: object
|
|
146
146
|
items:
|
|
147
147
|
type: string
|
|
148
|
+
/iam/auth/signup:
|
|
149
|
+
post:
|
|
150
|
+
summary: Registrarse
|
|
151
|
+
tags:
|
|
152
|
+
- users - self
|
|
153
|
+
description: Crea una cuenta
|
|
154
|
+
requestBody:
|
|
155
|
+
content:
|
|
156
|
+
'application/json':
|
|
157
|
+
schema:
|
|
158
|
+
properties:
|
|
159
|
+
name:
|
|
160
|
+
description: Name
|
|
161
|
+
type: string
|
|
162
|
+
example: Arturo
|
|
163
|
+
lastName:
|
|
164
|
+
description: Last name
|
|
165
|
+
type: string
|
|
166
|
+
example: Vázquez
|
|
167
|
+
phone:
|
|
168
|
+
description: Phone
|
|
169
|
+
type: string
|
|
170
|
+
example: 1234567891011
|
|
171
|
+
maxLength: 13
|
|
172
|
+
email:
|
|
173
|
+
description: email
|
|
174
|
+
type: string
|
|
175
|
+
example: developer@aloux.mx
|
|
176
|
+
pwd:
|
|
177
|
+
description: password
|
|
178
|
+
type: string
|
|
179
|
+
example: password
|
|
180
|
+
minLength: 8
|
|
181
|
+
data:
|
|
182
|
+
type: object
|
|
183
|
+
properties:
|
|
184
|
+
age:
|
|
185
|
+
description: Age
|
|
186
|
+
type: integer
|
|
187
|
+
example: 26
|
|
188
|
+
gender:
|
|
189
|
+
description: Gender
|
|
190
|
+
type: string
|
|
191
|
+
enum: ["male","female"]
|
|
192
|
+
scholarship:
|
|
193
|
+
description: Scholarship
|
|
194
|
+
type: string
|
|
195
|
+
example: university
|
|
196
|
+
Entity:
|
|
197
|
+
description: Entity
|
|
198
|
+
type: string
|
|
199
|
+
example: Puebla
|
|
200
|
+
required:
|
|
201
|
+
- name
|
|
202
|
+
- lastName
|
|
203
|
+
- phone
|
|
204
|
+
- email
|
|
205
|
+
- pwd
|
|
206
|
+
- data
|
|
207
|
+
responses:
|
|
208
|
+
'200': # status code
|
|
209
|
+
description: Ok
|
|
210
|
+
content:
|
|
211
|
+
application/json:
|
|
212
|
+
schema:
|
|
213
|
+
type: object
|
|
214
|
+
items:
|
|
215
|
+
type: string
|
|
148
216
|
/iam/auth/validate/code:
|
|
149
217
|
post:
|
|
150
218
|
summary: Verificar código
|